In these releases and versions, if a user is logged in with a valid username and password, an attacker can leverage the vulnerable JRE to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. The issue can be exploited remotely via the POST method. To exploit the issue successfully, an attacker must be able to forge a response with a specially crafted XPath query. The vulnerability cannot be exploited if the user is not logged in. An attacker must be authenticated and able to send a specially crafted query before exploiting the issue, which may require authentication with a valid username and password or a man-in-the-middle (MitM) attack.

CVSS Scoring

CVSS v3 Base Score: 7.5
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/Au:N)

Resolved vulnerabilities

The following JRE vulnerabilities have been addressed in this release: CVE-2017-10271, CVE-2017-10407
The following XPath vulnerabilities have been resolved in this release: CVE-2018-0788
Note that the XPath vulnerability that has been resolved in this release is not a vulnerability within the Java Runtime Environment.
This issue only affects systems where the server is running a vulnerable version of Java. For systems where the server is running a fixed version of Java, there are no known risks or vulnerabilities.

Vulnerability Scenario

Attackers are able to perform an applet injection attack.

Vulnerability details

The Java Runtime Environment (JRE) contains an XPath channel that is vulnerable to a partial loss of confidentiality. If a user is logged in with a valid username and password, an attacker can leverage the vulnerable JRE to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities. The issue can be exploited remotely via the POST method. To exploit the issue successfully, an attacker must be able to forge a response with a specially crafted XPath query. The vulnerability cannot be exploited if the user is not logged in. An attacker must be authenticated and able to send a specially crafted query before exploiting the issue, which may require authentication with a valid username and password or a man-in-the-middle (MitM) attack.

Products and Models

Affected by CVE-2022-22244
The following versions of Oracle JRE are affected: 7u51, 8u5, 8u6, and possibly earlier releases.

This vulnerability affects multiple products and models.

Timeline

Published on: 10/18/2022 03:15:00 UTC

References